Re: All external access broken after upgrading to ISA 2004

---

• From: "Steve Everington" <steve.nospam@xxxxxxxxxxxxxxxxxx>
• Date: Tue, 9 Aug 2005 07:59:55 +0100

---

Thanks for the replies.

Yes - must have been something like you said... I thought I had saved the
previous cert. but maybe I got it wrong somewhere.

Anyway, re-ran CEICW, re-published my web server and it all seems to be
working ok now.

Thanks again

Steve Everington

"Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:fF%23IlWKnFHA.2700@xxxxxxxxxxxxxxxxxxxxxxxx
> Dear Steve:
> Thank you for posting here! Hi Les, thanks for your suggestion!
>
> Based on my experience, this issue can occur if the URL you use in the Web
> browser to access OWA, RWW and other web sites that does not match the
> name
> in ISA server 2004 web publishing rules. To resolve this issue, we must
> run
> CEICW and specify the FQDN that you will use to access the sites as the
> web
> server certificate. To do so:
>
> 1. On the SBS 2003 Server open the Server Management console. Go to
> Standard Management\To Do List.
>
> 2. Click the "Connect to the Internet" link.
>
> 3. Choose not to change the connection type and click Next. On the
> Firewall
> page, select "Enable firewall" and click Next (I suppose you have 2
> network
> adapters in SBS 2003).
>
> 4. On the "Services Configuration" page, select all the items and then
> click Next.
>
> 5. On the "Web Services Configuration" page, make sure "Allow access to
> the
> entire Web site from the Internet" is selected. If you select "Allow
> access
> to only the following Web site services from the Internet", make sure both
> the "Outlook Web Access" and "Remote Web Workplace" items are selected.
> Click Next.
>
> 6. On the "Web Server Certificate" page, choose to create a new Web server
> certificate and then type the public FQDN that you will use to access OWA
> (for example, if your public FQDN that you use to access the sites is
> mail.domain.com, you should type mail.domain.com as the new certificate
> name). If you already requested a certificate with the name
> "mail.domain.com" from a third party CA, you can choose "Use a Web server
> certificate from a trusted authority" and then import the certificate.
>
> 7. Go through the remaining steps. The wizard will automatically configure
> the SBS 2003 Basic Firewall to securely publish the two sites.
>
> 8. If you have a router or hardware firewall, configure it to forward
> inbound traffic on TCP port 80 and 443 to the SBS server's external
> address.
>
> 9. Then check if you can access OWA and RWW using
> https://mail.domain.com/exchange and https://mail.domain.com/remote.
>
> For more information regarding this problem, see:
>
> 842612 You receive a "403 Forbidden" message when you try to connect to a
> Web
> http://support.microsoft.com/?id=842612
>
> Please do not hesitate to let me know if you have any further concerns. I
> look forward to hearing from you.
>
> Have a nice day, Steve! :)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "Steve Everington" <steve.nospam@xxxxxxxxxxxxxxxxxx>
> | Subject: All external access broken after upgrading to ISA 2004
> | Date: Mon, 8 Aug 2005 16:55:15 +0100
> | Lines: 16
> | Organization: Pannell Signs Ltd
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | X-RFC2646: Format=Flowed; Original
> | Message-ID: <eEbwcGDnFHA.2580@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: mailgate.pannellsigns.co.uk 80.177.158.58
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:142389
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hello,
> |
> | I have just upgraded my SBS 2003 premium edition to ISA 2004 and it
> appears
> | to have broken my OWA access for external clients (it still works ok
> from
> | PC's on the internal network) and the web sites I am hosting.
> |
> | Externally, users just get an error 403 Forbidden messge if they enter
> any
> | URL that points to my server.
> |
> | Any suggestions much appreciated!
> |
> | Regards
> |
> | Steve Everington
> |
> |
> |
>


.

---

• Follow-Ups:
  • Re: All external access broken after upgrading to ISA 2004
    • From: Edward Tian

• References:
  • All external access broken after upgrading to ISA 2004
    • From: Steve Everington
  • RE: All external access broken after upgrading to ISA 2004
    • From: Edward Tian

• Prev by Date: Re: Problems with ASP websites after Sp1 isa 2004 install
• Next by Date: RE: Existing PCs to new server
• Previous by thread: RE: All external access broken after upgrading to ISA 2004
• Next by thread: Re: All external access broken after upgrading to ISA 2004
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Configuring LDAP on Entourage 2004 OS X ... Microsoft CSS Online Newsgroup Support ... with Blackberry's because RIM's blackberry enterprise server works. ... Configuring LDAP on Entourage 2004 OS X ... does not work with a self signed SSL certificate OR with the SSL ... (microsoft.public.windows.server.sbs) Re: Configuring LDAP on Entourage 2004 OS X ... Microsoft CSS Online Newsgroup Support ... does not work with a self signed SSL certificate OR with the SSL ... configure the System to allow OMA and "Server ActiveSync" access from the ... Configuring Exchange Server 2003 for Client Access. ... (microsoft.public.windows.server.sbs) RE: Push Email not working ... Exchange server" error message when you try to access Outlook Mobile Access ... Microsoft CSS Online Newsgroup Support ... | Thread-Topic: Push Email not working ... | This could cause problems as I using the current certificate for Outlook ... (microsoft.public.windows.server.sbs) RE: Server Performance Report - Page not found ... use the Monitoring and Reporting snap-in or the Backup snap-in on a Windows ... Small Business Server 2003-based computer ... | Web Sites | Default Web Sites. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Schannel event 36870 - 0x6 ... "Cannot manage Certificate Services. ... monitor the server to see if other error will occur. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2005-08